//package com.market.xg.auth.web.config;
//
//import lombok.extern.slf4j.Slf4j;
//import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
//import org.springframework.context.annotation.Bean;
//import org.springframework.context.annotation.Configuration;
//import org.springframework.core.annotation.Order;
//import org.springframework.security.authentication.AuthenticationManager;
//import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
//import org.springframework.security.config.annotation.web.builders.HttpSecurity;
//import org.springframework.security.config.annotation.web.builders.WebSecurity;
//import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
//import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
//import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
//import org.springframework.security.crypto.password.PasswordEncoder;
//
//@Slf4j
//@Configuration
//@EnableWebSecurity
//@Order(-1)
//@EnableGlobalMethodSecurity(prePostEnabled=true)
//public class AuthWebSecurityConfig extends WebSecurityConfigurerAdapter {
//
//    @Override
//    public void configure(WebSecurity web) throws Exception {
//        log.info("configure WebSecurity");
//        //忽略哪些资源不用security来管理
//        web.ignoring().antMatchers(
//                "/doc.html/**",
//                "/v2/api-docs/**",
//                "/swagger-resources",
//                "/favicon.ico",
//                "/webjars",
//                "/oauth/getAppToken"
//        );
//
//    }
//
//    //采用bcrypt对密码进行编码,也可以new 一个MD5加密, 看需要
//    @Bean
//    public PasswordEncoder passwordEncoder() {
//        return new BCryptPasswordEncoder();
//    }
//    @Override
//    public void configure(HttpSecurity http) throws Exception {
//        log.info("configure HttpSecurity");
//        //配置策略,比如防止csrf攻击,根据需求,不配就使用默认的也行
//        http.csrf().disable()
//                .httpBasic().and()
//                .formLogin()
//                .and()
//                .authorizeRequests().anyRequest().authenticated();
//
//    }
//
//}